GUAC-801 Implemented new endpoint for password update, and updated js to use the new endpoint.

2025-09-10 07:01:21 +00:00 · 2015-03-10 20:44:45 -07:00
parent 59d794ef96
commit b32f358e7e
8 changed files with 309 additions and 33 deletions
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/APIUserPasswordUpdate.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/APIUserPasswordUpdate.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package org.glyptodon.guacamole.net.basic.rest.user;
+
+/**
+ * All the information necessary for the password update operation on a user.
+ * 
+ * @author James Muehlner
+ */
+public class APIUserPasswordUpdate {
+    
+    /**
+     * The old (current) password of this user.
+     */
+    private String oldPassword;
+    
+    /**
+     * The new password of this user.
+     */
+    private String newPassword;
+
+    /**
+     * Returns the old password for this user. This password must match the
+     * user's current password for the password update operation to succeed.
+     *
+     * @return
+     *     The old password for this user.
+     */
+    public String getOldPassword() {
+        return oldPassword;
+    }
+
+    /**
+     * Set the old password for this user. This password must match the
+     * user's current password for the password update operation to succeed.
+     *
+     * @param oldPassword
+     *     The old password for this user.
+     */
+    public void setOldPassword(String oldPassword) {
+        this.oldPassword = oldPassword;
+    }
+
+    /**
+     * Returns the new password that will be assigned to this user.
+     *
+     * @return
+     *     The new password for this user.
+     */
+    public String getNewPassword() {
+        return newPassword;
+    }
+
+    /**
+     * Set the new password that will be assigned to this user.
+     *
+     * @param newPassword
+     *     The new password for this user.
+     */
+    public void setNewPassword(String newPassword) {
+        this.newPassword = newPassword;
+    }
+}
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Glyptodon LLC
+ * Copyright (C) 2015 Glyptodon LLC
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
@@ -27,6 +27,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.UUID;
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
@@ -36,11 +37,14 @@ import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleResourceNotFoundException;
+import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
+import org.glyptodon.guacamole.net.auth.Credentials;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.UserContext;
@@ -112,6 +116,12 @@ public class UserRESTService {
    @Inject
    private ObjectRetrievalService retrievalService;
    
+    /**
+     * The authentication provider used to authenticating a user.
+     */
+    @Inject
+    private AuthenticationProvider authProvider;
+    
    /**
     * Gets a list of users in the system, filtering the returned list by the
     * given permission, if specified.
@@ -262,6 +272,12 @@ public class UserRESTService {
        if (!user.getUsername().equals(username))
            throw new HTTPException(Response.Status.BAD_REQUEST,
                    "Username in path does not match username provided JSON data.");
+        
+        // A user may not use this endpoint to modify himself
+        if (userContext.self().getIdentifier().equals(user.getUsername())) {
+            throw new HTTPException(Response.Status.FORBIDDEN,
+                    "Permission denied.");
+        }

        // Get the user
        User existingUser = retrievalService.retrieveUser(userContext, username);
@@ -275,6 +291,63 @@ public class UserRESTService {

    }
    
+    /**
+     * Updates the password for an individual existing user.
+     *
+     * @param authToken
+     *     The authentication token that is used to authenticate the user
+     *     performing the operation.
+     *
+     * @param username
+     *     The username of the user to update.
+     *
+     * @param userPasswordUpdate
+     *     The object containing the old password for the user, as well as the
+     *     new password to set for that user.
+     *
+     * @param request
+     *     The HttpServletRequest associated with the password update attempt.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while updating the user's password.
+     */
+    @PUT
+    @Path("/{username}/password")
+    @AuthProviderRESTExposure
+    public void updatePassword(@QueryParam("token") String authToken,
+            @PathParam("username") String username, 
+            APIUserPasswordUpdate userPasswordUpdate,
+            @Context HttpServletRequest request) throws GuacamoleException {
+
+        UserContext userContext = authenticationService.getUserContext(authToken);
+        
+        // Build credentials
+        Credentials credentials = new Credentials();
+        credentials.setUsername(username);
+        credentials.setPassword(userPasswordUpdate.getOldPassword());
+        credentials.setRequest(request);
+        credentials.setSession(request.getSession(true));
+        
+        // Verify that the old password was correct 
+        if (authProvider.getUserContext(credentials) == null) {
+            throw new HTTPException(Response.Status.FORBIDDEN,
+                    "Permission denied.");
+        }
+        
+        // Get the user directory
+        Directory<User> userDirectory = userContext.getUserDirectory();
+        
+        // Get the user that we want to updates
+        User user = retrievalService.retrieveUser(userContext, username);
+        
+        // Set password to the newly provided one
+        user.setPassword(userPasswordUpdate.getNewPassword());
+        
+        // Update the user
+        userDirectory.update(user);
+        
+    }
+    
    /**
     * Deletes an individual existing user.
     *